diff --git a/native/profile/secondary-device-qr-code-scanner.react.js b/native/profile/secondary-device-qr-code-scanner.react.js
--- a/native/profile/secondary-device-qr-code-scanner.react.js
+++ b/native/profile/secondary-device-qr-code-scanner.react.js
@@ -2,10 +2,16 @@
 
 import { useNavigation } from '@react-navigation/native';
 import { BarCodeScanner, type BarCodeEvent } from 'expo-barcode-scanner';
+import invariant from 'invariant';
 import * as React from 'react';
 import { View } from 'react-native';
 
 import { parseDataFromDeepLink } from 'lib/facts/links.js';
+import { IdentityClientContext } from 'lib/shared/identity-client-context.js';
+import { useTunnelbroker } from 'lib/tunnelbroker/tunnelbroker-context.js';
+import type { RawDeviceList } from 'lib/types/identity-service-types.js';
+import { qrCodeAuthMessageTypes } from 'lib/types/tunnelbroker/qr-code-auth-message-types.js';
+import { createQRAuthTunnelbrokerMessage } from 'lib/utils/qr-code-auth.js';
 
 import type { ProfileNavigationProp } from './profile.react.js';
 import type { NavigationRoute } from '../navigation/route-names.js';
@@ -26,6 +32,50 @@
   const styles = useStyles(unboundStyles);
   const navigation = useNavigation();
 
+  const tunnelbrokerContext = useTunnelbroker();
+  const identityContext = React.useContext(IdentityClientContext);
+  invariant(identityContext, 'identity context not set');
+
+  const addDeviceToList = React.useCallback(
+    async (newDeviceID: string) => {
+      const { getDeviceListHistoryForUser, updateDeviceList } =
+        identityContext.identityClient;
+      invariant(
+        updateDeviceList,
+        'updateDeviceList() should be defined for primary device',
+      );
+
+      const authMetadata = await identityContext.getAuthMetadata();
+      if (!authMetadata?.userID) {
+        throw new Error('missing auth metadata');
+      }
+
+      const deviceLists = await getDeviceListHistoryForUser(
+        authMetadata.userID,
+      );
+      invariant(deviceLists.length > 0, 'received empty device list history');
+
+      const lastSignedDeviceList = deviceLists[deviceLists.length - 1];
+      const deviceList: RawDeviceList = JSON.parse(
+        lastSignedDeviceList.rawDeviceList,
+      );
+
+      const { devices } = deviceList;
+      if (devices.includes(newDeviceID)) {
+        return;
+      }
+
+      const newDeviceList: RawDeviceList = {
+        devices: [...devices, newDeviceID],
+        timestamp: Date.now(),
+      };
+      await updateDeviceList({
+        rawDeviceList: JSON.stringify(newDeviceList),
+      });
+    },
+    [identityContext],
+  );
+
   React.useEffect(() => {
     void (async () => {
       const { status } = await BarCodeScanner.requestPermissionsAsync();
@@ -43,28 +93,52 @@
     })();
   }, [navigation]);
 
-  const onConnect = React.useCallback((barCodeEvent: BarCodeEvent) => {
-    const { data } = barCodeEvent;
-    const parsedData = parseDataFromDeepLink(data);
-    const keysMatch = parsedData?.data?.keys;
+  const onConnect = React.useCallback(
+    async (barCodeEvent: BarCodeEvent) => {
+      const { data } = barCodeEvent;
+      const parsedData = parseDataFromDeepLink(data);
+      const keysMatch = parsedData?.data?.keys;
 
-    if (!parsedData || !keysMatch) {
-      Alert.alert(
-        'Scan failed',
-        'QR code does not contain a valid pair of keys.',
-        [{ text: 'OK' }],
-      );
-      return;
-    }
-
-    const keys = JSON.parse(decodeURIComponent(keysMatch));
+      if (!parsedData || !keysMatch) {
+        Alert.alert(
+          'Scan failed',
+          'QR code does not contain a valid pair of keys.',
+          [{ text: 'OK' }],
+        );
+        return;
+      }
 
-    Alert.alert(
-      'Scan successful',
-      `QR code contains the following keys: ${JSON.stringify(keys)}`,
-      [{ text: 'OK' }],
-    );
-  }, []);
+      const keys = JSON.parse(decodeURIComponent(keysMatch));
+      const { aes256, ed25519 } = keys;
+
+      try {
+        const { deviceID: primaryDeviceID, userID } =
+          await identityContext.getAuthMetadata();
+        if (!primaryDeviceID || !userID) {
+          throw new Error('missing auth metadata');
+        }
+        await addDeviceToList(ed25519);
+        const message = createQRAuthTunnelbrokerMessage(aes256, {
+          type: qrCodeAuthMessageTypes.DEVICE_LIST_UPDATE_SUCCESS,
+          userID,
+          primaryDeviceID,
+        });
+        await tunnelbrokerContext.sendMessage({
+          deviceID: ed25519,
+          payload: JSON.stringify(message),
+        });
+      } catch (err) {
+        console.log('Primary device error:', err);
+        Alert.alert(
+          'Adding device failed',
+          'Failed to update the device list',
+          [{ text: 'OK' }],
+        );
+        navigation.goBack();
+      }
+    },
+    [tunnelbrokerContext, addDeviceToList, identityContext, navigation],
+  );
 
   const onCancelScan = React.useCallback(() => setScanned(false), []);